CVE-2021-47386

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-47386
In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field If driver read val value sufficient for (val & 0x08) && (!(val & 0x80)) && ((val & 0x7) == ((val >> 4) & 0x7)) from device then Null pointer dereference occurs. (It is possible if tmp = 0b0xyz1xyz, where same literals mean same numbers) Also lm75[] does not serve a purpose anymore after switching to devm_i2c_new_dummy_device() in w83791d_detect_subclients(). The patch fixes possible NULL pointer dereference by removing lm75[]. Found by Linux Driver Verification project (linuxtesting.org). [groeck: Dropped unnecessary continuation lines, fixed multi-line alignment]

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/16887ae4e3defd2c4e7913b6c539f33eaf4eac5c
https://git.kernel.org/stable/c/44d3c480e4e2a75bf6296a18b4356157991ccd80
https://git.kernel.org/stable/c/516d9055039017a20a698103be2b556b4c976bb8
https://git.kernel.org/stable/c/943c15ac1b84d378da26bba41c83c67e16499ac4
https://git.kernel.org/stable/c/16887ae4e3defd2c4e7913b6c539f33eaf4eac5c
https://git.kernel.org/stable/c/44d3c480e4e2a75bf6296a18b4356157991ccd80
https://git.kernel.org/stable/c/516d9055039017a20a698103be2b556b4c976bb8
https://git.kernel.org/stable/c/943c15ac1b84d378da26bba41c83c67e16499ac4
Configurations

No configuration.

History

21 Nov 2024, 06:36

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/16887ae4e3defd2c4e7913b6c539f33eaf4eac5c - () https://git.kernel.org/stable/c/16887ae4e3defd2c4e7913b6c539f33eaf4eac5c -
References () https://git.kernel.org/stable/c/44d3c480e4e2a75bf6296a18b4356157991ccd80 - () https://git.kernel.org/stable/c/44d3c480e4e2a75bf6296a18b4356157991ccd80 -
References () https://git.kernel.org/stable/c/516d9055039017a20a698103be2b556b4c976bb8 - () https://git.kernel.org/stable/c/516d9055039017a20a698103be2b556b4c976bb8 -
References () https://git.kernel.org/stable/c/943c15ac1b84d378da26bba41c83c67e16499ac4 - () https://git.kernel.org/stable/c/943c15ac1b84d378da26bba41c83c67e16499ac4 -

13 Nov 2024, 19:35

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: hwmon: (w83791d) Corrija la desreferencia del puntero NULL eliminando el campo de estructura innecesario. Si el controlador lee el valor val suficiente para (val & 0x08) && (!(val & 0x80)) && (( val & 0x7) == ((val >> 4) & 0x7)) desde el dispositivo, luego se produce la desreferencia del puntero null. (Es posible si tmp = 0b0xyz1xyz, donde los mismos literales significan los mismos números) Además, lm75[] ya no sirve para nada después de cambiar a devm_i2c_new_dummy_device() en w83791d_detect_subclients(). El parche corrige la posible desreferencia del puntero NULL eliminando lm75[]. Encontrado por el proyecto de verificación de controladores de Linux (linuxtesting.org). [groeck: Se eliminaron líneas de continuación innecesarias, se corrigió la alineación de varias líneas]
CWE CWE-476
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8

21 May 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-21 15:15

Updated : 2024-11-21 06:36

NVD link : CVE-2021-47386

Mitre link : CVE-2021-47386

CVE.ORG link : CVE-2021-47386

JSON object : View

Products Affected

No product.

CWE
CWE-476

NULL Pointer Dereference


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024